Axis system configuration listing enabled in WEB-INF/server-config.wsdd
Description
This Axis enabled web application has enabled listing of the Web Service Deployment Descriptor (WSDD). This feature exposes the current system configuration which contains sensitive information like the adminservice password.
It's recommended to modify the configuration file WEB-INF/server-config.wsdd to disable configuration listing .
Remediation
In the example below, the web application disable listing of the Web Service Deployment Descriptor (WSDD): <pre> <globalConfiguration> <parameter name="axis.enableListQuery" value="false"/> </globalConfiguration> </pre>